CVE-2024-3656: Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities
First published: Wed Apr 10 2024(Updated: )
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.keycloak:keycloak-services | <24.0.5 | 24.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2274403
- https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc
- https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1
- https://nvd.nist.gov/vuln/detail/CVE-2024-3656
- https://access.redhat.com/security/cve/CVE-2024-3656
- https://access.redhat.com/errata/RHSA-2024:3575
- https://github.com/advisories/GHSA-2cww-fgmg-4jqc (Advisory)
- https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md
- https://news.ycombinator.com/item?id=42136000
- https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/
- https://access.redhat.com/errata/RHSA-2024:3572
- https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system
Frequently Asked Questions
What is the severity of CVE-2024-3656?
CVE-2024-3656 is classified as a high-severity vulnerability due to its potential to allow low-privilege users access to administrative functionalities in Keycloak.
How do I fix CVE-2024-3656?
To fix CVE-2024-3656, upgrade Keycloak to version 24.0.5 or later.
What are the risks associated with CVE-2024-3656?
The risks associated with CVE-2024-3656 include data breaches and potential system compromise due to unauthorized access to administrative APIs.
Who is affected by CVE-2024-3656?
CVE-2024-3656 affects Keycloak versions prior to 24.0.5, specifically those utilizing the admin REST API.
What kind of actions can low-privilege users perform due to CVE-2024-3656?
Low-privilege users can perform actions reserved for administrators, which may lead to unauthorized configuration changes or data access.
- agent/softwarecombine
- agent/weakness
- agent/title
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-3656
- agent/first-publish-date
- agent/description
- agent/severity
- agent/event
- agent/author
- agent/trending
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-2cww-fgmg-4jqc
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- agent/tags
- collector/nvd-cve
- collector/github-advisory
- agent/source
- package-manager/maven